Unauthorized account access lockout reduction

ABSTRACT

A method and system for determining unauthorized account access is provided. The method includes receiving a username of a user and a passcode for access to a secure account or device belonging to a user. The passcode is determined to be incorrect. Unauthorized access attempts with respect to the secure account or the device are determined based on based on the incorrect passcode and in response, a quality factor associated with the incorrect passcode with respect to the secure account or device is determined. The quality factor is compared to a threshold value. Security functions associated with the secure account or device with respect to the incorrect passcode and the results of the comparison are performed based on the quality factor and the unauthorized access attempts.

This application is a continuation application claiming priority to Ser.No. 14/995,265 filed Jan. 14, 2016, now U.S. Pat. No. 9,396,323, issuedJul. 19, 2016, which is a continuation application claiming priority toSer. No. 14/189,703 filed Feb. 25, 2014 now U.S Pat. No. 9,275,219issued Mar. 1, 2016.

FIELD

The present invention relates generally to a method for reducingunauthorized account access lockout and in particular to a method andassociated system determining a quality of an unauthorized accountaccess attempt.

BACKGROUND

Accessing devices typically includes an inaccurate process with littleflexibility. Preventing access to a user device may include acomplicated process that may be time consuming and require a largeamount of resources. Accordingly, there exists a need in the art toovercome at least some of the deficiencies and limitations describedherein above.

SUMMARY

A first aspect of the invention provides a method comprising: receiving,by a computer processor of a computing system, a username of a user anda passcode for access to a secure account or device belonging to theuser; determining, by the computer processor, that the passcodecomprises an incorrect passcode; determining, by the computer processorbased on the incorrect passcode, unauthorized access attempts associatedwith the secure account or device; determining, by the computerprocessor, a quality factor associated with the incorrect passcode withrespect to the secure account or device; comparing, by the computerprocessor, the quality factor to a predetermined threshold value; andperforming, by the computer processor based on results of the comparingand the unauthorized access attempts, security functions associated withthe secure account or device with respect to the incorrect passcode.

A second aspect of the invention provides a computing system comprisinga computer processor coupled to a computer-readable memory unit, thememory unit comprising instructions that when executed by the computerprocessor implements a method comprising: receiving, by the computerprocessor, a username of a user and a passcode for access to a secureaccount or device belonging to the user; determining, by the computerprocessor, that the passcode comprises an incorrect passcode;determining, by the computer processor based on the incorrect passcode,unauthorized access attempts associated with the secure account ordevice; determining, by the computer processor, a quality factorassociated with the incorrect passcode with respect to the secureaccount or device; comparing, by the computer processor, the qualityfactor to a predetermined threshold value; and performing, by thecomputer processor based on results of the comparing and theunauthorized access attempts, security functions associated with saidsecure account or device with respect to said incorrect passcode.

A third aspect of the invention provides a computer program product,comprising a computer readable hardware storage device storing acomputer readable program code, the computer readable program codecomprising an algorithm that when executed by a computer processor of acomputer system implements a method, the method comprising: receiving,by the computer processor, a username of a user and a passcode foraccess to a secure account or device belonging to the user; determining,by the computer processor, that the passcode comprises an incorrectpasscode; determining, by the computer processor based on the incorrectpasscode, unauthorized access attempts associated with the secureaccount or device; determining, by the computer processor, a qualityfactor associated with the incorrect passcode with respect to the secureaccount or device; comparing, by the computer processor, the qualityfactor to a predetermined threshold value; and performing, by thecomputer processor based on results of the comparing and theunauthorized access attempts, security functions associated with thesecure account or device with respect to the incorrect passcode.

The present invention advantageously provides a simple method andassociated system capable of accessing devices.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates a system for reducing unauthorized device or accountaccess lockouts, in accordance with embodiments of the presentinvention.

FIG. 2 illustrates an algorithm detailing a process flow enabled by thesystem of FIG. 1 for reducing unauthorized device or account accesslockouts, in accordance with embodiments of the present invention.

FIG. 3 illustrates a computer apparatus used by the system of FIG. 1 forreducing unauthorized device or account access lockouts, in accordancewith embodiments of the present invention.

DETAILED DESCRIPTION

FIG. 1 illustrates a system 100 for reducing unauthorized device oraccount access lockouts, in accordance with embodiments of the presentinvention. System 100 enables a process for determining a quality of anunauthorized account access attempt. A quality of an unauthorizedaccount access attempt may be determined by analyzing increments ofaccount access attempts thereby triggering a lockout based on a match athreshold percentage (e.g. 50%) of characters and positions in apassword, PIN, or other credential. A login session may be initiatedfrom a different system (IP address) with respect to a process forallowing an authorized login into an account or device.

System 100 of FIG. 1 includes devices 5 a . . . 5 n connected through anetwork 7 to a computing system 14. Network 7 may include any type ofnetwork including, inter alia, a local area network, (LAN), a wide areanetwork (WAN), the Internet, a wireless network, etc. Devices 5 a . . .5 n may include any type of computing devices or software systemsincluding, inter alia, a computer (PC), a laptop computer, a tabletcomputer, a server, a PDA, a smart phone, a secure Website, anapplication, etc. Computing system 14 may include any type of computingsystem(s) including, inter alia, a computer (PC), a laptop computer, atablet computer, a server, etc. Computing system 14 includes a memorysystem 8. Memory system 8 may include a single memory system.Alternatively, memory system 8 may include a plurality of memorysystems. Memory system 8 includes software 17.

System 100 enables a process for preventing unauthorized access toaccounts and devices by automatically locking or performing a memoryreset (of an associated device) after a specified number of invalidlogin attempts (e.g. 5 to 10 retries with respect to the account ordevice. In order to prevent a false access lockout or device reset fromoccurring (e.g., accidental incorrect password entry by an authorizeduser), a quality factor associated with associated with an incorrectlogin attempt may be determined. The quality factor is used to determineif a device lockout process or memory reset process should be executed.For example, an algorithm may be executed to determine specificincrements associated with incorrect login attempts that trigger alockout or memory reset process. The quality factor indicates that theentered passcode (e.g., password, PIN, additional credentials, etc.)must match at least some percentage (e.g., 50%) of the characters and/orpositions in the passcode. If the quality factor is determined to beless than a specified threshold, a session-specific access attempt countis incremented without performing a lockout or memory reset process.With respect to low quality access attempts (i.e., a low qualityfactor), a session-specific increment count may be triggered. Thesession-specific increment may be used for presenting a message andenforcing local login prevention without actually locking the account orresetting a memory. With respect to a session-specific login lockout,re-allowing login attempts may be triggered via a variety of conditions.For example, if a login session is initiated from a different system(e.g., IP address) or after a configurable time frame parameter (e.g.,30 minutes has been reached between attempts), additional conditions maybe used to initiate acceptance of attempts to log into the account ordevice.

The following examples illustrate implementation scenarios and aredescribed as follows:

EXAMPLE 1

System 100 is configured to enable a process for: automatically lockinga user out of a device or secure account (e.g., one of devices 5 a . . .5 n) or performing a memory reset for one of devices 5 a . . . 5 n afterfive determined quality login attempts (e.g., 50% or more of charactersand/or associated positions match an original passcode) in combinationwith a thirty minute access reset allowance timeframe. For example(based on the aforementioned configuration), a user picks up a device(e.g., one of devices 5 a . . . 5 n) and performs random login sequenceattempts. In response, software in the device and/or software 17determines that the random login sequence attempts comprise low qualitylogin attempts (e.g., 50% or less characters and/or associated positionsmatch an original passcode). The random login sequence attempts areblocked after five tries, but the device is enabled to be logged intoagain after a half hour.

EXAMPLE 2

System 100 is configured to enable a process for: automatically lockinga user out of a device or secure account (e.g., one of devices 5 a . . .5 n) or performing a memory reset for one of devices 5 a . . . 5 n afterfive determined quality login attempts (e.g., 50% or more of charactersand/or associated positions match an original passcode) in combinationwith approved logins (to the device or secure account) from separate IPaddresses. For example (based on the aforementioned configuration), afriend or colleague (of a user authorized to access the device or secureaccount) knows a user ID (of the user) and proceeds to enable a prank byentering false passcodes in order to lock out access to the device orsecure account. In response, system 100 determines that the falsepasscodes comprise low quality login attempts (e.g., 50% or lesscharacters and/or associated positions match an original passcode) andpresents a false lockout sequence. However, the actual account owner(i.e., the user) may connect from a different IP address and hostname inorder to log in without requiring an account reset from technicalsupport. As an alternative example (based on the aforementionedconfiguration), an individual performs malicious denial of serviceattempts (with respect to the device). In response, system 100determines that the false passcodes comprise low quality login attempts(e.g., 50% or less characters and/or associated positions match anoriginal passcode) and prevents enabling a denial of service process forthe true device/account owner. Additionally, system 100 is presentedwith a false message indicating that the device/account has been lockedout (i.e., the device/account has actually been locked out).

System 100 enables a process for triggering a comparison of a quality ofthe actual contents of the passcode. System 100 may initialize acomparison with passcode values stored in a passcode vault or othersecure repository. System 100 enables a process for locking adevice/account based on quality of a passcode attempt and enablingdifferent behavior between quality and non-quality unauthorized accessattempts.

FIG. 2 illustrates an algorithm detailing a process flow enabled bysystem 100 of FIG. 1 for reducing unauthorized device or account accesslockouts or memory resets, in accordance with embodiments of the presentinvention. Each of the steps in the algorithm of FIG. 2 may be enabledand executed in any order by a computer processor executing computercode. In step 200, a username of a user and a passcode (i.e., apassword, a pin number, a user name, etc.) for access to a secureaccount or device (belonging to the user) is received by a computerprocessor (of the device or associated system). In step 202 it isdetermined that the passcode comprises an incorrect passcode. In step204, it is determined (based on the incorrect passcode) thatunauthorized access attempts have been executed with respect to thesecure account or device. In step 208, a quality factor associated withthe incorrect passcode (and with respect to the secure account ordevice) is determined. The quality factor may indicate a specifiedpercentage of correct characters (of the incorrect passcode) withrespect to the (correct) passcode. The specified percentage of correctcharacters may indicate a specified level of quality of the incorrectpasscode with respect to the passcode. Alternatively, the quality factormay indicate a progression of a pattern of characters matchingcharacters of the passcode within a specified number of passcode inputattempts. In step 210, the quality factor is compared to a predeterminedthreshold value. In step 212, security functions associated with thesecure account or device (with respect to the incorrect passcode) areperformed based on results of the comparison process of step 410 and theunauthorized access attempts. If the results of the comparison processof step 410 indicate that the quality factor exceeds the predeterminedthreshold (i.e., indicating a high quality unauthorized login attempt),then the security functions may include the following processes:

-   1. Disabling the user ID from access to the secure account or    device.-   2. Locking (for a specified time period) the secure account or    device from being accessed.-   3. Deleting all information from secure account or device.-   4. Enabling access from an alternative location to the secure    account or device.

If the results of the comparison process of step 410 indicate that thequality factor is less than the predetermined threshold (i.e.,indicating a low quality unauthorized login attempt), then the securityfunctions may include the following processes:

-   1. Determining that a lockout function of the secure account or    device is not required and Indicating (e.g., via a graphical user    interface) that the secure account or device has been locked out.-   2. Determining that a system memory wipe function of said secure    account or device is not required and indicating (e.g., via a    graphical user interface) that the system memory wipe function of    said secure account or device secure account has been performed.

FIG. 3 illustrates a computer system 90 used by system 100 of FIG. 1 forreducing unauthorized device or account access lockouts or memoryresets, in accordance with embodiments of the present invention.

Aspects of the present invention may take the form of an entirelyhardware embodiment, an entirely software embodiment (includingfirmware, resident software, micro-code, etc.) or an embodimentcombining software and hardware aspects that may all generally bereferred to herein as a “circuit,” “module,” or “system.”

The present invention may be a system, a method, and/or a computerprogram product. The computer program product may include a computerreadable storage medium (or media) having computer readable programinstructions thereon for causing a processor to carry out aspects of thepresent invention.

The computer readable storage medium can be a tangible device that canretain and store instructions for use by an instruction executiondevice. The computer readable storage medium may be, for example, but isnot limited to, an electronic storage device, a magnetic storage device,an optical storage device, an electromagnetic storage device, asemiconductor storage device, or any suitable combination of theforegoing. A non-exhaustive list of more specific examples of thecomputer readable storage medium includes the following: a portablecomputer diskette, a hard disk, a random access memory (RAM), aread-only memory (ROM), an erasable programmable read-only memory (EPROMor Flash memory), a static random access memory (SRAM), a portablecompact disc read-only memory (CD-ROM), a digital versatile disk (DVD),a memory stick, a floppy disk, a mechanically encoded device such aspunch-cards or raised structures in a groove having instructionsrecorded thereon, and any suitable combination of the foregoing. Acomputer readable storage medium, as used herein, is not to be construedas being transitory signals per se, such as radio waves or other freelypropagating electromagnetic waves, electromagnetic waves propagatingthrough a waveguide or other transmission media (e.g., light pulsespassing through a fiber-optic cable), or electrical signals transmittedthrough a wire.

Computer readable program instructions described herein can bedownloaded to respective computing/processing devices from a computerreadable storage medium or to an external computer or external storagedevice via a network, for example, the Internet, a local area network, awide area network and/or a wireless network. The network may comprisecopper transmission cables, optical transmission fibers, wirelesstransmission, routers, firewalls, switches, gateway computers and/oredge servers. A network adapter card or network interface in eachcomputing/processing device receives computer readable programinstructions from the network and forwards the computer readable programinstructions for storage in a computer readable storage medium withinthe respective computing/processing device.

Computer readable program instructions for carrying out operations ofthe present invention may be assembler instructions,instruction-set-architecture (ISA) instructions, machine instructions,machine dependent instructions, microcode, firmware instructions,state-setting data, or either source code or object code written in anycombination of one or more programming languages, including an objectoriented programming language such as Java, Smalltalk, C++ or the like,and conventional procedural programming languages, such as the “C”programming language or similar programming languages. The computerreadable program instructions may execute entirely on the user'scomputer, partly on the user's computer, as a stand-alone softwarepackage, partly on the user's computer and partly on a remote computeror entirely on the remote computer or server. In the latter scenario,the remote computer may be connected to the user's computer through anytype of network, including a local area network (LAN) or a wide areanetwork (WAN), or the connection may be made to an external computer(for example, through the Internet using an Internet Service Provider).In some embodiments, electronic circuitry including, for example,programmable logic circuitry, field-programmable gate arrays (FPGA), orprogrammable logic arrays (PLA) may execute the computer readableprogram instructions by utilizing state information of the computerreadable program instructions to personalize the electronic circuitry,in order to perform aspects of the present invention.

Aspects of the present invention are described herein with reference toflowchart illustrations and/or block diagrams of methods, apparatus(systems), and computer program products according to embodiments of theinvention. It will be understood that each block of the flowchartillustrations and/or block diagrams, and combinations of blocks in theflowchart illustrations and/or block diagrams, can be implemented bycomputer readable program instructions.

These computer readable program instructions may be provided to aprocessor of a general purpose computer, special purpose computer, orother programmable data processing apparatus to produce a machine, suchthat the instructions, which execute via the processor of the computeror other programmable data processing apparatus, create means forimplementing the functions/acts specified in the flowchart and/or blockdiagram block or blocks. These computer readable program instructionsmay also be stored in a computer readable storage medium that can directa computer, a programmable data processing apparatus, and/or otherdevices to function in a particular manner, such that the computerreadable storage medium having instructions stored therein comprises anarticle of manufacture including instructions which implement aspects ofthe function/act specified in the flowchart and/or block diagram blockor blocks.

The computer readable program instructions may also be loaded onto acomputer, other programmable data processing apparatus, or other deviceto cause a series of operational steps to be performed on the computer,other programmable apparatus or other device to produce a computerimplemented process, such that the instructions which execute on thecomputer, other programmable apparatus, or other device implement thefunctions/acts specified in the flowchart and/or block diagram block orblocks.

The flowchart and block diagrams in the Figures illustrate thearchitecture, functionality, and operation of possible implementationsof systems, methods, and computer program products according to variousembodiments of the present invention. In this regard, each block in theflowchart or block diagrams may represent a module, segment, or portionof instructions, which comprises one or more executable instructions forimplementing the specified logical function(s). In some alternativeimplementations, the functions noted in the block may occur out of theorder noted in the figures. For example, two blocks shown in successionmay, in fact, be executed substantially concurrently, or the blocks maysometimes be executed in the reverse order, depending upon thefunctionality involved. It will also be noted that each block of theblock diagrams and/or flowchart illustration, and combinations of blocksin the block diagrams and/or flowchart illustration, can be implementedby special purpose hardware-based systems that perform the specifiedfunctions or acts or carry out combinations of special purpose hardwareand computer instructions.

The computer system 90 illustrated in FIG. 3 includes a processor 91, aninput device 92 coupled to the processor 91, an output device 93 coupledto the processor 91, and memory devices 94 and 95 each coupled to theprocessor 91. The input device 92 may be, inter alia, a keyboard, amouse, a camera, a touchscreen, etc. The output device 93 may be, interalia, a printer, a plotter, a computer screen, a magnetic tape, aremovable hard disk, a floppy disk, etc. The memory devices 94 and 95may be, inter alia, a hard disk, a floppy disk, a magnetic tape, anoptical storage such as a compact disc (CD) or a digital video disc(DVD), a dynamic random access memory (DRAM), a read-only memory (ROM),etc. The memory device 95 includes a computer code 97. The computer code97 includes algorithms (e.g., the algorithm of FIG. 2) for reducingunauthorized device or account access lockouts or memory resets. Theprocessor 91 executes the computer code 97. The memory device 94includes input data 96. The input data 96 includes input required by thecomputer code 97. The output device 93 displays output from the computercode 97. Either or both memory devices 94 and 95 (or one or moreadditional memory devices not shown in FIG. 3) may include the algorithmof FIG. 2 and may be used as a computer usable medium (or a computerreadable medium or a program storage device) having a computer readableprogram code embodied therein and/or having other data stored therein,wherein the computer readable program code includes the computer code97. Generally, a computer program product (or, alternatively, an articleof manufacture) of the computer system 90 may include the computerusable medium (or the program storage device).

Still yet, any of the components of the present invention could becreated, integrated, hosted, maintained, deployed, managed, serviced,etc. by a service supplier who offers to reduce unauthorized device oraccount access lockouts or memory resets. Thus the present inventiondiscloses a process for deploying, creating, integrating, hosting,maintaining, and/or integrating computing infrastructure, includingintegrating computer-readable code into the computer system 90, whereinthe code in combination with the computer system 90 is capable ofperforming a method for reducing unauthorized device or account accesslockouts or memory resets. In another embodiment, the invention providesa business method that performs the process steps of the invention on asubscription, advertising, and/or fee basis. That is, a servicesupplier, such as a Solution Integrator, could offer to reduceunauthorized device or account access lockouts or memory resets. In thiscase, the service supplier can create, maintain, support, etc. acomputer infrastructure that performs the process steps of the inventionfor one or more customers. In return, the service supplier can receivepayment from the customer(s) under a subscription and/or fee agreementand/or the service supplier can receive payment from the sale ofadvertising content to one or more third parties.

While FIG. 3 shows the computer system 90 as a particular configurationof hardware and software, any configuration of hardware and software, aswould be known to a person of ordinary skill in the art, may be utilizedfor the purposes stated supra in conjunction with the particularcomputer system 90 of FIG. 3. For example, the memory devices 94 and 95may be portions of a single memory device rather than separate memorydevices.

While embodiments of the present invention have been described hereinfor purposes of illustration, many modifications and changes will becomeapparent to those skilled in the art. Accordingly, the appended claimsare intended to encompass all such modifications and changes as fallwithin the true spirit and scope of this invention.

What is claimed is:
 1. An unauthorized passcode access reduction methodcomprising: remotely receiving over a network, by a computer processorof a computing system from a user via a remote system comprising a firstIP address, a username of a user and a passcode for access to a secureaccount or device belonging to said user, wherein said first IP addressdiffers from a second IP address of said computing system; determining,by said computer processor based on said passcode being determined as anincorrect passcode and determining that said user is accessing saidcomputing system via said first IP address, unauthorized access attemptsassociated with said secure account or device; determining, by saidcomputer processor, a quality factor associated with said incorrectpasscode with respect to said secure account or device, wherein saidquality factor indicates a specified percentage and associated correctposition of correct characters within said passcode; retrieving, by saidcomputer processor from a secure repository, passcode values for saidpasscode; comparing, by said computer processor, said passcode valueswith contents of said passcode; and performing, by said computerprocessor based on results of said unauthorized access attempts, resultsof comparing said quality factor to a predetermined threshold percentagevalue indicating a threshold percentage and position of correctcharacters within said passcode, and results of said comparing saidpasscode values with contents of said passcode, security functionsassociated with prevention of a false access lockout or reset processwith respect to said secure account or device with respect to saidincorrect passcode.
 2. The method of claim 1, wherein said qualityfactor indicates a progression of a pattern of characters matchingcharacters of said passcode within a specified number of passcode inputattempts.
 3. The method of claim 1, wherein said quality factorindicates a specified level of quality of said incorrect passcode withrespect to said passcode, wherein said results of said comparingindicate that said quality factor exceeds said predetermined threshold,and wherein said performing said security functions comprises: disablingsaid username from access to said secure account or device.
 4. Themethod of claim 3, wherein said performing said security functionsfurther comprises: locking said secure account or device from beingaccessed.
 5. The method of claim 3, wherein said performing saidsecurity functions further comprises: deleting all information from saidsecure account or device.
 6. The method of claim 3, wherein saidperforming said security functions further comprises: enabling, by anadministrator, said username for access to said secure account ordevice.
 7. The method of claim 1, wherein said quality factor indicatesa specified level of quality of said incorrect passcode with respect tosaid passcode, wherein said results of said comparing indicate that saidquality factor exceeds said predetermined threshold, and wherein saidperforming said security functions comprises: locking said secureaccount or device from being accessed.
 8. The method of claim 7, whereinsaid performing said security functions further comprises: determiningthat a specified time period has elapsed; and enabling access to saidsecure account or device.
 9. The method of claim 7, wherein saidperforming said security functions further comprises: enabling accessfrom an alternative location to said secure account or device.
 10. Themethod of claim 1, wherein said quality factor indicates a specifiedlevel of quality of said incorrect passcode with respect to saidpasscode, wherein said results of said comparing indicate that saidquality factor exceeds said predetermined threshold, and wherein saidperforming said security functions comprises: deleting all informationfrom said secure account or device.
 11. The method of claim 1, whereinsaid quality factor indicates a specified level of quality of saidincorrect passcode with respect to said passcode, wherein said resultsof said comparing indicate that said quality factor is less than saidpredetermined threshold, and wherein said performing said securityfunctions comprises: determining, based on said specified level ofquality, that a lockout function of said secure account or device is notrequired; and indicating that said secure account or device has beenlocked out.
 12. The method of claim 1, wherein said quality factorindicates a specified level of quality of said incorrect passcode withrespect to said passcode, wherein said results of said comparingindicate that said quality factor is less than said predeterminedthreshold, and wherein said performing said security functionscomprises: determining, based on said specified level of quality, that asystem memory wipe function of said secure account or device is notrequired; and indicating that said system memory wipe function of saidsecure account or device secure account has been performed.
 13. Themethod of claim 1, further comprising: providing at least one supportservice for at least one of creating, integrating, hosting, maintaining,and deploying computer-readable code in the computing system, said codebeing executed by the computer processor to implement: said receiving,said determining said unauthorized access attempts, said determiningsaid quality factor, said comparing, and said performing.
 14. Acomputing system comprising a computer processor coupled to acomputer-readable memory unit, said memory unit comprising instructionsthat when executed by the computer processor implements an unauthorizedpasscode access reduction method comprising: remotely receiving over anetwork, by said computer processor from a user via a remote systemcomprising a first IP address, a username of a user and a passcode foraccess to a secure account or device belonging to said user, whereinsaid first IP address differs from a second IP address of said computingsystem; determining, by said computer processor based on said passcodebeing determined as an incorrect passcode and determining that said useris accessing said computing system via said first IP address,unauthorized access attempts associated with said secure account ordevice; determining, by said computer processor, a quality factorassociated with said incorrect passcode with respect to said secureaccount or device, wherein said quality factor indicates a specifiedpercentage and associated correct position of correct characters withinsaid passcode; retrieving, by said computer processor from a securerepository, passcode values for said passcode; comparing, by saidcomputer processor, said passcode values with contents of said passcode;and performing, by said computer processor based on results of saidunauthorized access attempts, results of comparing said quality factorto a predetermined threshold percentage value indicating a thresholdpercentage and position of correct characters within said passcode, andresults of said comparing said passcode values with contents of saidpasscode, security functions associated with prevention of a falseaccess lockout or reset process with respect to said secure account ordevice with respect to said incorrect passcode.
 15. The computing systemof claim 14, wherein said quality factor indicates a progression of apattern of characters matching characters of said passcode within aspecified number of passcode input attempts.
 16. The computing system ofclaim 14, wherein said quality factor indicates a specified level ofquality of said incorrect passcode with respect to said passcode,wherein said results of said comparing indicate that said quality factorexceeds said predetermined threshold, and wherein said performing saidsecurity functions comprises: disabling said username from access tosaid secure account or device.
 17. The computing system of claim 16,wherein said performing said security functions further comprises:locking said secure account or device from being accessed.
 18. Acomputer program product, comprising a computer readable hardwarestorage device storing a computer readable program code, said computerreadable program code comprising an algorithm that when executed by acomputer processor of a computer system implements an unauthorizedpasscode access reduction method, said method comprising: remotelyreceiving over a network, by said computer processor from a user via aremote system comprising a first IP address, a username of a user and apasscode for access to a secure account or device belonging to saiduser, wherein said first IP address differs from a second IP address ofsaid computing system; determining, by said computer processor based onsaid passcode being determined as an incorrect passcode and determiningthat said user is accessing said computing system via said first IPaddress, unauthorized access attempts associated with said secureaccount or device; determining, by said computer processor, a qualityfactor associated with said incorrect passcode with respect to saidsecure account or device, wherein said quality factor indicates aspecified percentage and associated correct position of correctcharacters within said passcode; retrieving, by said computer processorfrom a secure repository, passcode values for said passcode; comparing,by said computer processor, said passcode values with contents of saidpasscode; and performing, by said computer processor based on results ofsaid unauthorized access attempts, results of comparing said qualityfactor to a predetermined threshold percentage value indicating athreshold percentage and position of correct characters within saidpasscode, and results of said comparing said passcode values withcontents of said passcode, security functions associated with preventionof a false access lockout or reset process with respect to said secureaccount or device with respect to said incorrect passcode.
 19. Thecomputer program product of claim 18, wherein said quality factorindicates a progression of a pattern of characters matching charactersof said passcode within a specified number of passcode input attempts.20. The computer program product of claim 18, wherein said qualityfactor indicates a specified level of quality of said incorrect passcodewith respect to said passcode, wherein said results of said comparingindicate that said quality factor exceeds said predetermined threshold,and wherein said performing said security functions comprises: disablingsaid username from access to said secure account or device.